As part of an ongoing sweep by the FBI, Europol, and national police organizations, a Ukrainian citizen has been brought up on charges in conjunction with the Kaseya ransomware attack that occurred over the July 4th weekend. Yaroslav Vasinskyi is charged with breaking into the victim companies and installing encryption software, developed by the core REvil group. REvil handled the ransomware negotiations and then split the profit with Vasinskyi, a common method used by ransomware groups. Vasinskyi and a Russian national Yevgeniy Polyanin were charged in U.S. District Court for the Northern District of Texas with conspiracy to commit fraud and conspiracy to commit money laundering, among other offenses. Vasinskyi was arrested and is being held in Poland, while Polyanin is still at large.
As ransomware attacks continue to affect companies throughout the U.S. and other parts of the world, many different government agencies are working together to take down the actors. Because many ransomware groups work as a Ransomware-as-a-Service (RaaS) model, Kimberly Goody, director of financial crime analysis at security company Mandiant, believes that targeting affiliates is more important than targeting the core group. This is because their skills are more prized, as opposed to encryption software, which is more common. The action taken on these individuals, as well as other to come, is in part due to Kaseya and their help with the investigation. It is important for any entity that gets infected with ransomware to report it to law enforcement immediately to help combat attacks.